Helix

Helix Case Management

Ron Keyston discusses case management in Helix in which he reviews how to create a case, the features available in case management and the ability that Helix has to record revision and case note history within the tool.

MQL Introduction

Nate Hancock shares ways to find malware on a network using MQL (Mandiant Query Language), how to search for event data in Helix and how to customize those searches using MQL.

Understanding Unknown Event Data

Nate Hancock explains that although unknown event data in Helix is common, when it makes up only a small percentage of events it is not usually something to worry about and is not necessarily a bad thing.

Building Custom Dashboards

Chris Schreiber shares how a user can utilize the custom dashboard feature in FireEye Helix to build a report about alerts in an environment over time to better manage reporting.

Editing a Case in Helix

Nate Hancock shares how to edit cases in FireEye Helix to better organize documentation and investigations on a supported network.

Tuning Rule Queries

Ron Keyston shares how to filter out noise in a Helix environment and focus on alerts that matter using Rule Query Tuning and Alert Volume Management.

Helix Operational Dashboard

Ron Keyston explains how to use the FireEye Helix Operational Dashboard to monitor the health and status of the appliances connected to your Helix environment along with the data flowing into it.

Hunting for Weak Indicators

Chris Schreiber uses FireEye Helix’s analytics modules to hunt for weak indicators in an environment to suss out potentially compromised user accounts.

Event Data and Parsing

Nate Hancock uses FireEye Helix to illustrate how correct parsing of raw message data from the NX log can lead to successful searches within your environment.

Valuable MQL Searches

Nate Hancock uses FireEye Helix to share some valuable MQL malware searches such as com broker, cloud collector or a ‘groupby’ search to find event data.